**Sovereign Bitcoin P2P Marketplaces: A Comparative Non-KYC Risk and Architecture Analysis**

This report evaluates six major non-KYC Bitcoin P2P marketplaces—Bisq, RoboSats, Mostro, Peach, Vexl, and Hodl Hodl—through a hard sovereignty and anti-capture lens. It concludes that Bisq, RoboSats, and Mostro form the true sovereign core (“Sovereign Trident”), while Peach, Vexl, and Hodl Hodl are useful but structurally constrained by regulation, identity requirements, and data collection.

0. tl;dr

This report evaluates six non-KYC, peer-to-peer Bitcoin marketplaces from a hard sovereignty, anti-capture, anti-KYC perspective:

  • Bisq
  • RoboSats
  • Mostro
  • Peach Bitcoin
  • Vexl
  • Hodl Hodl

Final ranking (from this perspective):

Tier 0 – Core Sovereign Primitives (“Sovereign Trident”)

  1. Bisq – on-chain, Tor-native, DAO-governed, no registration.
  2. RoboSats – Lightning-only, Tor-only, avatar-based, no KYC.
  3. Mostro – Nostr+Lightning protocol, no KYC, many-potential-instances.

Tier 1 – Strong but Regulation-Anchored

  4. Peach Bitcoin – non-custodial, no-document P2P within Swiss AML limits.

Tier 2 – Peripheral / Identity-heavy / Soft-KYC

  5. Vexl – open source, social-graph P2P, but phone required & “KYC on authorities’ request.”
  6. Hodl Hodl – non-custodial multisig, but heavy data collection & mandatory KYC in disputes.

The “best of the best” for a sovereignty-maximalist stack are Bisq, RoboSats, and Mostro. The others are useful tools, but structurally less aligned with hard, post-state sovereignty.


1. Context & objectives

1.1 Why these platforms

All of these are:

  • Bitcoin-native
  • Non-KYC in everyday use (no passport/selfie onboarding)
  • P2P, not custodial CEXs

They are often recommended as “ways to buy BTC without KYC” and form the current practical universe of non-KYC infra.

1.2 Evaluation goal

The goal is not “which is nicest to use” or “which has the most users.”

The goal is:

Identify which platforms are structurally hardest to capture, surveil, or convert into KYC honeypots, while still being practically usable.


2. Evaluation criteria

The audit used these axes:

  1. KYC regime
     • Does the platform architecturally avoid KYC, or just “choose not to do it yet”?
     • Is there an explicit “KYC on request / in disputes / under law” escape hatch?
  2. Identity surface
     • Are phone numbers, emails, device IDs, or social graphs required?
     • Is usage possible with no obvious real-world identifier?
  3. Data exhaust & retention
     • What gets logged: IPs, MAC, device fingerprints, chats, payments, location?
     • How long is data retained and under which policy?
  4. Topology & choke points
     • Protocol / P2P overlay vs. single web backend.
     • Tor / Nostr vs. clearnet HTTP.
     • App-store dependence.
  5. Governance & capture risk
     • DAO / foundation vs. licensed company in a specific jurisdiction.
     • Legal obligations and AML registration.
  6. Maturity & liquidity
     • Enough usage and volume to matter.
     • Battle-tested vs. experimental.
  7. Alignment with a sovereign stack
     • Fits into a Bitcoin-first, Tor/Nostr-friendly, FOSS, forkable, ghostable architecture.

3. Platforms evaluated – high-level overview

3.1 Bisq

  • What it is: Open-source desktop app; decentralized P2P Bitcoin exchange over Tor for BTC/fiat and some crypto pairs. No registration.(bisq.network)

  • Key architecture:

  • Network: P2P overlay, Tor-only communications.(KYCnot)

  • Escrow: 2-of-2 on-chain multisig with security deposits.(KYCnot)

  • Governance: Bisq DAO, with BSQ token, no central bank accounts.(bisq.network)

  • KYC / identity:

  • “No registration or KYC” and “no central custody or data storage” per Bisq + KYCnot.(KYCnot)

3.2 RoboSats

  • What it is: Lightning-based, Tor-only P2P BTC exchange; random one-use robot avatars; non-custodial via LN hold invoices.(Learn RoboSats)

  • Key architecture:

  • Access: Tor-only now; no clearnet.(Learn RoboSats)

  • Escrow: LN hodl invoices as bonds and escrow.(Learn RoboSats)

  • Code: Free/libre open-source, federated coordinators possible.(Learn RoboSats)

  • KYC / identity:

  • “KYC-free,” no personal identification, single-use avatars.(Learn RoboSats)

3.3 Mostro

  • What it is: NO-KYC P2P Lightning exchange on Nostr, with Mostro nodes acting as escrow.(Mostro)

  • Key architecture:

  • Network: P2P communications on top of Nostr.(GitHub)

  • Escrow: LN node running a Mostro daemon creates hold invoices and pays buyer invoices.(Mostro)

  • KYC / identity:

  • FAQ: operates on Nostr and “does not require KYC procedures.”(Mostro)

3.4 Peach Bitcoin

  • What it is: Swiss-based mobile P2P app for trading BTC anonymously: “no personal identification processes (No KYC).”(Peach Bitcoin Exchange)

  • Key architecture:

  • Platform: iOS & Android mobile app, non-custodial with escrow.(Peach Bitcoin Exchange)

  • Escrow: on-chain multisig, funds always under user keys (per Peach tech explainer).(Peach Bitcoin Exchange)

  • KYC / identity / regulation:

  • “We do not conduct any personal identification processes” (no ID/selfie).(Peach Bitcoin Exchange)

  • But: Peach is a Swiss licensed financial service provider, SRO member (Polyreg), fully compliant with Switzerland’s AMLA. (Peach Bitcoin Exchange)

  • Non-KYC limits: up to 1000 CHF per day and 100,000 CHF per year.(Peach Bitcoin Exchange)

3.5 Vexl

  • What it is: Open-source P2P mobile app; users trade via phone contacts and friends-of-friends; “peer-to-peer and without KYC.”(KYCnot)

  • Key architecture:

  • Social-graph model: trades inside “local community of your friends and friends of friends.”(Vexl)

  • Open source; designed to not expose activities to the company (per KYCnot).(KYCnot)

  • KYC / identity:

  • KYCnot: “Phone number is required” and KYC level 2 (“KYC on authorities’ request”) with 73% privacy / 81% trust score.(KYCnot)

3.6 Hodl Hodl

  • What it is: Global P2P BTC platform using non-custodial multisig escrow.(Hodl Hodl)

  • Key architecture:

  • Web platform, account-based; trades locked in 2-of-3 multisig contracts, platform doesn’t hold funds.(Hodl Hodl)

  • KYC / data policy:

  • Advertised as “Anonymous P2P deals on your terms” and “without KYC/AML” in normal use.(Hodl Hodl)

  • KYCnot ToS review: collects account info, trading details, communications, IP/MAC, device, logs, and location; data may be stored up to 5 years post-deletion; voluntary KYC except mandatory in disputes or suspected abuse (fraud, laundering).(KYCnot)


4. Detailed analysis by criteria

4.1 Bisq

Strengths

  • Architecture:

  • No central server; trades coordinated purely via a Tor-only P2P network.(bisq.network)

  • DAO-based governance, BSQ token for compensation, no centrally held fiat or BTC treasury.(bisq.network)

  • KYC & identity:

  • KYCnot summarizes: “no KYC/registration, full user control over funds, Tor-based privacy, DAO governance, no central custody or data storage.”(KYCnot)

  • No email, phone, or account needed; everything is local to the client.

  • Data surface:

  • No central data store; only on-chain information and whatever you expose via fiat rails.

  • Capture resistance:

  • To impose KYC, attackers would need to force all clients to update and comply; older, non-KYC versions of the client will keep working.

  • No company to license or de-license; only devs and DAO contributors to harass.

Weaknesses

  • Fiat rails:

  • Bank transfers (SEPA, ACH, etc.) still leave identity trails for both counterparties and banks.

  • UX & adoption:

  • Desktop-only, Tor, multisig, security deposits: more friction than a simple mobile app.

Verdict

Bisq is the strongest base-layer sovereign primitive here: architecturally hard to kill or turn into a surveillance honeypot, with no built-in identity anchors.


4.2 RoboSats

Strengths

  • Architecture:

  • Designed as a Tor-only Lightning P2P exchange, with random one-use avatars and no clearnet endpoint.(Learn RoboSats)

  • Non-custodial LN hold-invoice escrow: coordinator cannot simply take funds.(Learn RoboSats)

  • Fully open-source and listed on KYCnot as a FOSS, Tor-only, KYC-free service.(KYCnot)

  • KYC & identity:

  • “Simple and KYC-free. You will generate a random robot avatar for a single use. The exchange is Tor-only.”(Learn RoboSats)

  • No phone, email, or name collection; identity surface is very low.

  • Practicality:

  • LN makes trades fast, cheap, and granular; widely used in Lightning-focused circles.(Learn RoboSats)

Weaknesses

  • Coordinator risk:

  • There is a coordinator (or federated set of coordinators); each is a legal and technical chokepoint.

  • Lightning privacy limits:

  • LN isn’t perfectly private; advanced adversaries can still do network and graph analysis.

Verdict

RoboSats is a top-tier Lightning P2P primitive: Tor-only, no KYC, minimal identity surface. It is structurally weaker than Bisq because of its coordinators, but very well aligned for small and medium non-KYC LN flows.


4.3 Mostro

Strengths

  • Architecture:

  • P2P communication layer built on Nostr, with Mostro acting as an escrow that holds sats only briefly via LN node.(Mostro)

  • Official docs: “It operates on Nostr and does not require KYC procedures.”(Mostro)

  • Privacy design:

  • Nostr-based; clients can be desktop/mobile/CLI; not tied to a single front-end.(GitHub)

  • External analyses highlight Mostro’s goal to be decentralized and privacy-enhancing, open source, and natively non-KYC.(Medium)

  • KYC & identity:

  • Identity is a Nostr key; no phone/email requirement at protocol level.(Mostro)

Weaknesses

  • Node/escrow operators as chokepoints:

  • Each Mostro daemon is a Lightning node and mediation point; operators can be pressured in specific jurisdictions.

  • Relative maturity:

  • Newer and less widely known than Bisq/Hodl Hodl; adoption is still growing.

Verdict

Mostro is an emerging Nostr-native Lightning protocol that is philosophically and architecturally aligned with deep sovereignty. As liquidity and the number of independent operators grow, it becomes a central LN component of a sovereign stack.
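Both 4.2 (RoboSats) and 4.3 (Mostro) rest on the same Lightning primitive: a hold invoice, where the payer's HTLC stays locked but unclaimed until the coordinator or daemon releases the preimage, and falls back to the payer at the HTLC timeout. The following Python is an added example, not code from either project; the ledger, block heights and party names are constructed. It models the "non-custodial until settlement" property, the timeout path that needs no coordinator cooperation, and the one step (forwarding settled sats to the buyer) where the coordinator risk noted under RoboSats and the operator chokepoint noted under Mostro actually live.

```python
"""Toy model of Lightning hold-invoice escrow of the kind RoboSats-style and
Mostro-style coordinators use. Added example, not code from either project:
the ledger, block heights and party names are constructed for illustration."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Tuple
import hashlib
import secrets


class HoldState(Enum):
    OPEN = "open"            # invoice issued, no HTLC locked yet
    ACCEPTED = "accepted"    # payer's HTLC in flight; payer still owns the sats
    SETTLED = "settled"      # preimage released; sats now belong to the issuer
    CANCELLED = "cancelled"  # HTLC failed back; sats returned to the payer


@dataclass
class Ledger:
    # Constructed balance sheet: who can spend which sats right now.
    balances: Dict[str, int]
    in_flight: Dict[str, Tuple[str, int]] = field(default_factory=dict)

    def debit(self, who: str, amt: int) -> None:
        if self.balances.get(who, 0) < amt:
            raise ValueError(f"{who} cannot lock {amt} sat")
        self.balances[who] -= amt

    def credit(self, who: str, amt: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amt


@dataclass
class HoldInvoice:
    issuer: str          # in this model the coordinator issues every hold invoice
    amount_sat: int
    expiry_block: int    # HTLC timeout; from this height the payer's node reclaims
    ledger: Ledger
    preimage: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    state: HoldState = HoldState.OPEN

    @property
    def payment_hash(self) -> str:
        return hashlib.sha256(self.preimage).hexdigest()

    def accept(self, payer: str, block: int) -> None:
        """Payer locks an HTLC toward the issuer; nothing has moved yet."""
        if self.state is not HoldState.OPEN or block >= self.expiry_block:
            raise RuntimeError("invoice not acceptable")
        self.ledger.debit(payer, self.amount_sat)
        self.ledger.in_flight[self.payment_hash] = (payer, self.amount_sat)
        self.state = HoldState.ACCEPTED

    def settle(self, block: int) -> None:
        """Issuer reveals the preimage and claims the sats (only before expiry)."""
        if self.state is not HoldState.ACCEPTED or block >= self.expiry_block:
            raise RuntimeError("cannot settle: not accepted or already expired")
        del self.ledger.in_flight[self.payment_hash]
        self.ledger.credit(self.issuer, self.amount_sat)
        self.state = HoldState.SETTLED

    def cancel(self) -> None:
        """Fail the HTLC back so the payer regains the sats."""
        if self.state is not HoldState.ACCEPTED:
            raise RuntimeError("nothing to cancel")
        payer, amt = self.ledger.in_flight.pop(self.payment_hash)
        self.ledger.credit(payer, amt)
        self.state = HoldState.CANCELLED

    def enforce_timeout(self, block: int) -> bool:
        """Payer's own node reclaims an expired HTLC; needs no issuer cooperation."""
        if self.state is HoldState.ACCEPTED and block >= self.expiry_block:
            self.cancel()
            return True
        return False


def completed_trade(amount: int = 50_000, bond: int = 1_000) -> Dict[str, int]:
    """Seller bonds and escrows, buyer pays fiat, coordinator settles and forwards."""
    led = Ledger({"seller": 100_000, "buyer": 0, "coordinator": 0})
    seller_bond = HoldInvoice("coordinator", bond, expiry_block=120, ledger=led)
    escrow = HoldInvoice("coordinator", amount, expiry_block=110, ledger=led)
    seller_bond.accept("seller", block=100)
    escrow.accept("seller", block=100)     # coordinator balance is still 0 here
    escrow.settle(block=105)               # coordinator confirms the fiat leg
    # Settlement puts the sats in the coordinator's hands; forwarding them to the
    # buyer's invoice is the step where the coordinator risk actually lives.
    led.debit("coordinator", amount)
    led.credit("buyer", amount)
    seller_bond.cancel()                   # honest seller gets the bond back
    return dict(led.balances)


def abandoned_trade(amount: int = 50_000) -> Tuple[Dict[str, int], HoldState]:
    """Coordinator vanishes after escrow is locked: the HTLC times out and the
    seller's node reclaims the sats on its own."""
    led = Ledger({"seller": 100_000, "buyer": 0, "coordinator": 0})
    escrow = HoldInvoice("coordinator", amount, expiry_block=110, ledger=led)
    escrow.accept("seller", block=100)
    escrow.enforce_timeout(block=110)
    return dict(led.balances), escrow.state
```

The model makes the tiering argument concrete: while an invoice is merely accepted, the coordinator's balance is zero and the seller's node can reclaim at expiry without asking anyone, which is what "non-custodial" means for hold invoices. Between settling the escrow and paying the buyer's invoice the coordinator does briefly hold the sats, so an operator who is shut down or coerced in that window is the chokepoint both sections describe; bonds are handled the same way, cancelled for honest parties and settled only on misbehaviour.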


4.4 Peach Bitcoin

Strengths

  • Architecture:

  • Mobile P2P app; non-custodial; Peach coordinates trades and provides escrow, but users hold their keys.(Peach Bitcoin Exchange)

  • KYC stance (today):

  • “We do not conduct any Personal Identification processes (No KYC - Know Your Customer).”(Peach Bitcoin Exchange)

  • Users can “Buy and sell up to 1000 CHF per day and 100,000 CHF per year” without KYC.(Peach Bitcoin Exchange)

  • FAQ & tutorials emphasize “No KYC required” as a core selling point.(Peach Bitcoin Exchange)

  • UX & adoption:

  • Clean mobile UX; wide range of fiat methods and regions, with growing usage.(Peach Bitcoin Exchange)

Weaknesses

  • Regulatory anchoring:

  • Peach is a Swiss licensed financial service provider, member of SRO Polyreg, “fully compliant with Switzerland’s Anti-Money Laundering Act.”(Peach Bitcoin Exchange)

  • Non-KYC operation is explicitly bounded by AML thresholds; a legal change can force different behavior.

  • Device / app-store dependence:

  • Mobile-only, distributed via Apple/Google app stores; device-ID and platform policies are powerful external levers.(Google Play)

Verdict

Peach is a very strong, non-custodial, no-doc P2P app inside a regulated framework. It is an excellent pragmatic bridge but not a sovereignty-core primitive, because it’s structurally bound to Swiss AML law and mobile/app-store ecosystems.


4.5 Vexl

Strengths

  • Architecture:

  • P2P trading mobile app; open source; uses your contacts and friends-of-friends to build trust and offers.(KYCnot)

  • KYCnot describes it as “P2P trading open-source mobile app. No middlemen or KYC… Vexl doesn’t have access to users’ activities or identities” at the technical level.(KYCnot)

  • Privacy design (technical):

  • Contacts used via hashing; sensitive data stored locally and encrypted.

Weaknesses

  • Identity surface:

  • Vexl requires a phone number; KYCnot flags “phone number is required” as an attribute.(KYCnot)

  • Phone numbers are often KYC’d via telecoms; strong real-world identity link.

  • Cooperation stance:

  • KYCnot: KYC level 2: “KYC on authorities’ request.”(KYCnot)

  • Legal entity and app-store distribution add more chokepoints.(Vexl)

Verdict

Vexl is technically interesting and good for friend-network / local P2P trades, but its mandatory phone requirement and “KYC on authorities’ request” stance make it unsuitable as a deep-sovereignty core primitive.
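The "contacts used via hashing" design point above deserves a concrete illustration, because a hashed phone number is a pseudonym rather than anonymity: phone numbers are a small, structured space, so whoever holds the hash can enumerate it. The following Python is an added example, not Vexl's code, and it does not claim which scheme Vexl uses; the phone numbers, tag format and shared key are constructed. It shows client-side matching of hashed contacts, then a defender's self-test that recovers a plain SHA-256 tag by enumeration and fails against a keyed tag without the key.

```python
"""Hashed-contact matching of the kind social-graph P2P apps use to find mutual
contacts without exchanging raw phone numbers. Added example, not Vexl's code;
numbers, tag format and key are constructed, and the real scheme is not claimed."""
import hashlib
import hmac
import re
from typing import Iterable, List, Optional, Set


def normalize_number(raw: str) -> str:
    """Canonical digits-only form with a leading '+', so both sides tag the
    same string for the same contact regardless of spacing or punctuation."""
    digits = re.sub(r"\D", "", raw)
    if not digits:
        raise ValueError("no digits in phone number")
    return "+" + digits


def contact_tag(number: str, key: bytes = b"") -> str:
    """Pseudonymous tag for a contact: plain SHA-256 when key is empty,
    HMAC-SHA256 under the key otherwise."""
    data = normalize_number(number).encode()
    if key:
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    return hashlib.sha256(data).hexdigest()


def mutual_contacts(mine: Iterable[str], peer_tags: Set[str],
                    key: bytes = b"") -> List[str]:
    """Client-side intersection: which of my contacts the peer also has."""
    return sorted(normalize_number(c) for c in mine
                  if contact_tag(c, key) in peer_tags)


def dictionary_recover(tag: str, prefix: str, width: int,
                       key: bytes = b"") -> Optional[str]:
    """Defender's self-test. A plain hash of a low-entropy identifier can be
    reversed by enumerating the numbers under a known prefix; the same loop
    fails against a keyed tag unless the enumerator also holds the key."""
    for n in range(10 ** width):
        candidate = f"{prefix}{n:0{width}d}"
        if contact_tag(candidate, key) == tag:
            return normalize_number(candidate)
    return None


# Constructed sample data: two users' address books (555-010x numbers are fictional).
MY_CONTACTS = ["+1 555 010 0001", "+1 (555) 010-0002", "+1 555 010 0003"]
PEER_CONTACTS = ["+15550100002", "+15550100003", "+15550100009"]
KEY = b"constructed-shared-secret"   # assumption: exchanged out of band, never uploaded


def demo_plain() -> List[str]:
    """Unkeyed tags: matching works, but see dictionary_recover."""
    peer_tags = {contact_tag(c) for c in PEER_CONTACTS}
    return mutual_contacts(MY_CONTACTS, peer_tags)


def demo_keyed() -> List[str]:
    """Keyed tags: same matching result, no enumeration without the key."""
    peer_tags = {contact_tag(c, KEY) for c in PEER_CONTACTS}
    return mutual_contacts(MY_CONTACTS, peer_tags, KEY)
```

The practical reading for the identity-surface criterion: a keyed tag only protects against parties who lack the key, so if the key lives on the operator's server the operator can enumerate tags exactly as in the unkeyed case, and where the hashes are stored and who holds the key decide what "hashed contacts" actually buys. Local, encrypted storage (as the section notes) limits exposure of the raw address book, but the phone number the app itself requires remains a direct identity link regardless of how contacts are hashed.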


4.6 Hodl Hodl

Strengths

  • Architecture:

  • Non-custodial: trades locked in 2-of-3 multisig escrow; the platform does not hold user BTC balances.(Hodl Hodl)

  • Global P2P market with many currencies, 100k+ deals, 300k+ users.(Hodl Hodl)

  • KYC stance (surface):

  • Presents itself as “Anonymous P2P deals on your terms” without KYC/AML for normal usage.(Hodl Hodl)

Weaknesses

  • Data collection & retention:

  • KYCnot ToS review: collects account data (email, nickname, timezone), trading details (addresses, chats, payments), communications, IP/MAC, device info, logs, location; data can be stored up to 5 years after account deletion.(KYCnot)

  • Soft KYC:

  • “KYC is voluntary, but mandatory ID verification required in disputes or suspected abuse (fraud, laundering).”(KYCnot)

  • Topology:

  • Traditional web platform and company; clear DNS/hosting and legal chokepoints.(Hodl Hodl)

Verdict

Hodl Hodl is practical and widely used, but from a hyper-adversarial sovereignty perspective it is soft-KYC by design and heavily data-collecting. It sits at the bottom of this set for long-term, high-sensitivity usage.
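The escrow policies in 4.1 (Bisq: 2-of-2 between the two traders, with security deposits) and 4.6 (Hodl Hodl: 2-of-3 with the platform holding a key) carry different trust and liveness properties, and those properties are part of the capture-risk picture. The following Python is an added example, not code from either project; it enumerates, for a generic k-of-n policy, which groups can spend and which can freeze the coins, and ignores the dispute-resolution mechanics each project layers on top. Party names are constructed.

```python
"""Who can move, and who can freeze, coins under a k-of-n escrow policy.
Added example comparing a 2-of-2 traders-only policy with a 2-of-3 policy in
which a platform holds the third key; not code from Bisq or Hodl Hodl, and
their dispute mechanics are deliberately out of scope."""
from itertools import combinations
from typing import Dict, FrozenSet, Iterable, Set


def spending_sets(keyholders: Iterable[str], threshold: int) -> Set[FrozenSet[str]]:
    """All minimal groups of keyholders whose signatures satisfy k-of-n."""
    return {frozenset(c) for c in combinations(sorted(keyholders), threshold)}


def blocking_sets(keyholders: Iterable[str], threshold: int) -> Set[FrozenSet[str]]:
    """All minimal groups whose refusal to sign makes the coins unspendable.
    For k-of-n that is any n-k+1 keyholders: a liveness risk, not a theft risk."""
    holders = sorted(keyholders)
    return {frozenset(c) for c in combinations(holders, len(holders) - threshold + 1)}


def trust_matrix(keyholders: Iterable[str], threshold: int) -> Dict[str, bool]:
    """The questions a trader should ask of an escrow policy before funding it."""
    holders = set(keyholders)
    traders = {"buyer", "seller"}
    third = holders - traders                      # platform / arbitrator keys
    spend = spending_sets(holders, threshold)
    block = blocking_sets(holders, threshold)
    return {
        # Can the third party move coins with no trader signature at all?
        "third_party_alone_can_spend": any(s <= third for s in spend),
        # Can the third party plus one colluding trader take the other's coins?
        "third_party_plus_one_trader_can_spend": any(
            bool(s & third) and len(s & traders) == 1 for s in spend),
        # Can buyer and seller settle with nobody else's signature?
        "traders_can_settle_alone": frozenset(traders) in spend,
        # Can a single trader freeze the coins simply by going silent?
        "single_trader_can_block": any(len(s) == 1 and s <= traders for s in block),
    }


# Constructed party names; thresholds are the ones the report cites for each venue.
TRADERS_ONLY_2_OF_2 = trust_matrix({"buyer", "seller"}, 2)
PLATFORM_KEY_2_OF_3 = trust_matrix({"buyer", "seller", "platform"}, 2)
```

Read against the report's criteria: 2-of-2 means no third party can ever move the coins, but a trader who walks away freezes them, which is the gap security deposits (and, outside this model, dispute handling) exist to close. 2-of-3 buys liveness at the price of a platform-plus-one-trader collusion path and a key that sits with a company, so the "non-custodial" label is accurate for both while the trust assumptions differ materially.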


5. Final ranking & tiers

Tier 0 – Core Sovereign Primitives (“Sovereign Trident”)

These are architecturally, legally, and operationally the closest to non-KYC, capture-resistant primitives.

  1. Bisq
     • P2P over Tor, no registration, no KYC, DAO, 2-of-2 multisig escrow.(bisq.network)
     • No phone/email; no central data store; no single company to license or shut down.
  2. RoboSats
     • Tor-only Lightning P2P; FOSS; random avatars; no personal data required; LN hold-invoice escrow.(Learn RoboSats)
  3. Mostro
     • NO-KYC P2P Lightning exchange on Nostr; escrow via LN node; protocol-oriented, multiple instances possible.(Mostro)

Within Tier 0:

  • Most structurally kill-resistant (on-chain, base-layer): Bisq
  • Best Lightning-native today: RoboSats
  • Best Lightning-native trajectory and protocol purity: Mostro

Tier 1 – Strong but Regulation-Anchored

  4. Peach Bitcoin
     • Non-custodial, multisig escrow, mobile-friendly, broad payment support.(Peach Bitcoin Exchange)
     • Explicitly Swiss-licensed, AMLA-compliant, SRO-member, with non-KYC thresholds (1000 CHF/day, 100,000 CHF/year).(Peach Bitcoin Exchange)
     • Excellent tool inside the legal perimeter; not a core off-grid primitive.

Tier 2 – Peripheral / Identity-Heavy / Soft-KYC

  5. Vexl
     • Open-source, social-graph P2P, good cryptographic design.(KYCnot)
     • Phone number required; KYC level 2 (“KYC on authorities’ request”); legal entity & app-store reliant.(KYCnot)
  6. Hodl Hodl
     • Non-custodial multisig; large user base and many currencies.(Hodl Hodl)
     • Heavy data collection, retention up to 5 years; KYC mandatory in disputes or suspected abuse.(KYCnot)

6. Stack design: how they fit together

Thinking in layers rather than individual apps:

Base-layer (on-chain, BTC/fiat, hardest to kill)

  • Primary: Bisq

  • Main primitive for non-KYC BTC/fiat with maximal architectural sovereignty.

Lightning layer (fast sats, smaller flows)

  • Primary today: RoboSats

  • Tor-only, LN-native, practical liquidity for everyday stacking.

  • Emerging core: Mostro

  • Nostr-native, protocol/daemon architecture, designed to become a decentralized LN P2P standard.

Reg-integrated bridges

  • Peach

  • Non-custodial, no-ID within legal limits; practical for many users, but bound to AML rules and app stores.

Social/local and web P2P

  • Vexl

  • Social-graph, phone-anchored; good cryptography, but high identity surface.

  • Hodl Hodl

  • Useful global P2P venue; heavy logging and soft-KYC in edge cases.


7. Residual risks & unknowns

Even in this best-effort audit, some risk areas remain:

  • Server-side reality vs. docs

  • “No logs” and “no KYC” are policy statements; only code + reproducible builds + external audits can fully verify.

  • Supply-chain attacks

  • App-stores and binary distribution (for all non-source builds) can be compromised.

  • Payment-rail surveillance

  • Fiat methods (bank wires, cards, some fintech apps) remain strong points of deanonymization, independent of exchange design.

  • Future regulatory shifts

  • Especially critical for Peach, Vexl, and Hodl Hodl, which are already integrated into specific AML regimes, and for any coordinator or Mostro operator in specific jurisdictions.
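The two points above about server-side reality versus docs and about supply-chain attacks have one practical counterpart a user controls: verifying the build they actually run. The following Python is an added example, not any project's own release tooling; the file names, file contents and keyring path are constructed. It checks a downloaded artifact against a SHA-256 manifest in the usual `<hex>  <name>` layout and, when gpg is installed, checks the manifest's detached signature against a keyring obtained out of band, reporting "not checked" distinctly from "checked".

```python
"""Release-artifact verification: check a downloaded build against a SHA-256
manifest and, when gpg is installed, check the manifest's detached signature
against a keyring obtained out of band. Added example, not any project's own
release tooling; file names, contents and the keyring path are constructed."""
import hashlib
import hmac
import pathlib
import shutil
import subprocess
import tempfile
from typing import Dict, Optional


def sha256_file(path: pathlib.Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sums(text: str) -> Dict[str, str]:
    """Parse the common `<hex>  <name>` / `<hex> *<name>` manifest layout."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        entries[name] = digest.lower()
    return entries


def artifact_matches_manifest(artifact: pathlib.Path, manifest_text: str) -> bool:
    """True only if the artifact is listed in the manifest and its digest matches."""
    expected = parse_sha256sums(manifest_text).get(artifact.name)
    return expected is not None and hmac.compare_digest(expected, sha256_file(artifact))


def manifest_signature_ok(manifest: pathlib.Path, signature: pathlib.Path,
                          keyring: pathlib.Path) -> Optional[bool]:
    """Verify a detached signature using only the given keyring (assumed to have
    been fetched and fingerprint-checked out of band, not from the download
    server). Returns None when gpg is absent so that 'not checked' is never
    mistaken for 'checked'."""
    gpg = shutil.which("gpg")
    if gpg is None:
        return None
    proc = subprocess.run(
        [gpg, "--batch", "--no-default-keyring", "--keyring", str(keyring),
         "--verify", str(signature), str(manifest)],
        capture_output=True,
    )
    return proc.returncode == 0


def demo() -> Dict[str, bool]:
    """Constructed release: a genuine artifact, a tampered copy, an unlisted file."""
    with tempfile.TemporaryDirectory() as d:
        root = pathlib.Path(d)
        good = root / "wallet-1.0.0-linux.tar.gz"           # constructed file name
        good.write_bytes(b"constructed release bytes\n")
        manifest = f"{sha256_file(good)}  {good.name}\n"    # what a project would publish
        mirror = root / "mirror"
        mirror.mkdir()
        tampered = mirror / good.name                       # same name, altered bytes
        tampered.write_bytes(b"constructed release bytes, altered\n")
        return {
            "genuine": artifact_matches_manifest(good, manifest),
            "tampered": artifact_matches_manifest(tampered, manifest),
            "unlisted": artifact_matches_manifest(root / "other.bin", manifest),
        }
```

A manifest served from the same place as the binary only catches corruption and careless substitution; an attacker who controls the download server rewrites both. The signature check is what ties the manifest to a key the user obtained separately, and reproducible builds are what tie that signed binary back to the audited source, which is the chain the section says is needed before "no logs" and "no KYC" claims can be treated as verified rather than asserted.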


8. Closing

Given current public information and adversarial scrutiny (architecture, law, data, topology), the Sovereign Trident of Bisq, RoboSats, and Mostro forms the core non-KYC P2P infrastructure for a sovereignty-maximalist stance.

  • Bisq – on-chain, DAO-governed, Tor-native base layer.
  • RoboSats – Tor-only LN workhorse for fast, small to medium sats flows.
  • Mostro – Nostr+Lightning protocol maturing into a decentralized LN P2P standard.

Peach, Vexl, and Hodl Hodl are important tools with specific strengths, but architecturally they sit outside the innermost sovereignty ring due to regulatory anchoring, identity requirements, and data-collection practices.
